did you try to take out 80 and 443 in the box below (NETWORK and then click save, both should have NULL), like that when you click START the add-on starts (maybe put also AUTO BOOT)
I did and like this after a minute you get something from the log
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: xxx.duckdns.org
Type: connection
Detail: Timeout
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you’re using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
TADA!! It works,
This is what I did
cancel 80 in NETWORK and left 443 and click save. Then I click START the addon
port forwarded in router from 443 to 8123 of IP of pi3
in config
http:
# Uncomment this to add a password (recommended!)
api_password: !secret api_password
ssl_certificate: /ssl/fullchain.pem
ssl_key: /ssl/privkey.pem
base_url: xxx.duckdns.org
restarted home assistant. Now it works
Err…this is the new DuckDNS add-on, doesn’t need the LetsEncrypt one, kind of the whole point.
Presumably this is in the LetsEncrypt add-on which you shouldn’t need as nothing like that in the duckDNS one?
Ahh ok, I see. Well my settings works now. Then maybe is just the port forwarding added that did th trick, not sure
If you add 8123 to the base url you supposedly shouldn’t need the port forward on the router!
Mmhh I think I tried that combination and wasn’t working.
Anyway is working now, I don’t mind keeping the settings of the router with the port forward
Don’t know whether it was anything to do with the 0.55 update last night but tried all my variations again this morning and with the combo of base_url without the port number and 443 forwarded to 8123 on the router, like @anon35356645, it suddenly decided to work this time.
Externally, the url is https://xxxxx.duckdns.org with no port, and internally it’s https://xxx.xxx.x.xxx:8123 though Chrome still isn’t happy and doesn’t want to load the page unless you force it and flags the page as below…
Only definite difference from my previous attempts was the 0.55 update that included the duckdns component though no reports that it should have any effect on this separate add-on, but heh, it now works!
Will submit the important bits for changes to the component page, once I’ve worked out exactly what they are, now I know how thanks to @Danielhiversen, so hopefully this process will become as “effortless” as it was sold 
it worked for me with 0.54
I know but not for me 
Indeed, but why would you access your own network via the outside world if you’re already on it
In my android app to have only one link (not two) that will work either with local WiFI and 3G. Same with Laptop. For desktop … because I am lazy 
Fair comment 
On from this morning’s success, if you add 8123 to the base_url you can indeed get rid of the port forward on your router.
@anon35356645, from your posts on other subjects I’m assuming your first hass.io version was 0.54? I went all in on the first version so am wondering if I’ve been carrying a bit of duff code (or maybe corruption) that may well have been right in later versions from scratch but didn’t get corrected on update until it overwrote 0.55. Only guessing obviously but it really didn’t work with EXACTLY the same input as before the update.
Have fixed all the other settings that were pointing at the non https version apart from the HASS Configurator add-on which I can’t get to load in the HA front end so far 
Correct, first Hassio 0.54
It works well for me, this in option
{
“homeassistant_api”: “https://xxx.duckdns.org/api”,
“homeassistant_password”: “hasspassword”,
“username”: “admin”,
“password”: “otherpass”,
“certfile”: “fullchain.pem”,
“keyfile”: “privkey.pem”,
“ssl”: true,
“allowed_networks”: [
“192.168.0.0/16”
],
“banned_ips”: [
“8.8.8.8”
],
“ignore_pattern”: [
“pycache”
]
}3
Thanks, I was overthinking it and got hung up on putting the /ssl before the certificate and key files as per the HA config 
The left hand panel in the configurator, the trigger and entities etc bit, isn’t working properly though which is down to the api address, neither internal or external address makes any difference. Is your’s working OK?
So I tried it again after updating to 0.55, same issue as before. These are the steps I’m taking:
- Setup an account at DuckDNS.org and add a domain.
- Install the DuckDNS add-on and modify the “Options” section to look like this:
{
"lets_encrypt": {
"accept_terms": true,
"certfile": "fullchain.pem",
"keyfile": "privkey.pem"
},
"token": "mytokenhere",
"domains": [
"mydomainhere.duckdns.org"
],
"seconds": 300
}
- Start DuckDNS and everything appears to be working fine in the DuckDNS logs.
- Add the following to my configuration file:
http:
api_password: !secret http_password
base_url: mydomainhere.duckdns.org:8123
ssl_certificate: /ssl/fullchain.pem
ssl_key: /ssl/privkey.pem
- Restart Home Assistant.
I can access Home Assistant using https://hassio.local:8123 and it gives me the error about not having a private connection, etc. (as expected). If I try to access https://mydomainhere.duckdns.org using my phone (different network), it just sits there and eventually says “Safari cannot open the page because it could not establish a secure connection to the server.”
Edit: So I forwarded 443 to 8123 and now it seems to be working. I thought the whole point of this new method was so that we didn’t have to forward any ports. My firewall picked up me trying to access Hassio remotely from my mobile web browser. However, when I accessed Hassio from the HA iOS app, my firewall detected some random IP (different than my mobile device) trying to access my RPi3. Not sure if that’s normal… I’m obviously keeping it blocked for now and I’m still able to have full functionality with my HA iOS app.
The IP address in question is 38.142.184.10 which is blacklisted.
Edit 2: Firewall is picking up more activity now from Russia (5.8.10.202) which is also blacklisted. I’m turning DuckDNS off. Clearly there’s someone probably just doing a mass scan on duckdns.org addresses and attempting to hack whatever they can find.